1. Field of the Invention
The present invention relates to a system and method for management of event logs, and more particularly to a system and method for generating and tracking review of event log reports.
2. Discussion of the Related Art
Advancements in information technologies (IT) have provided ways to interconnect computers and other communication devices in an efficient manner to allow easier exchange of data and access to services. For firms that provide intensive data services, millions of computers and other communication devices attempt to connect and access the data services provided by the firm. These requested data connections may be from internal as well as external clients.
For security purposes, security systems are set in place to log these transactions, and the logs are later reviewed to check for security threats. Security issues generally arise in the context of attempts at unauthorized access to servers, files, applications, and other IT assets of the firm. In addition, other events, such as modifications to files and applications that appear to have been made by legitimate sources, may also be a concern that can only be identified by those who are familiar with the asset. Moreover, regulatory policies, such as Sarbanes-Oxley regulatory requirements, for example, may be in place that require preventive and detective controls to be provided within the firm to ensure integrity of the data. However, there are several challenges to providing such security oversight in a firm.
In a typical week, thousands, if not millions, of log events may be recorded, depending on the size and IT capabilities of a firm. Accordingly, it is a huge challenge to review each and every log event. Further, depending on the IT capabilities of the firm, these log events may be generated by multiple applications spread across multiple servers. Typically, these security logs are reviewed by the security personnel assigned to monitor the network and its operations. While the security personnel may be able to recognize logs directed to attempts at unauthorized access or to bottleneck events on the network, log events specific to certain types of assets, such as a specialized application or server, may easily be overlooked. Moreover, the volume of the log events generated over a period of time, as well as the nondescript nature of the logs, creates a huge challenge to properly review and assess the log events to determine whether the events are improper. Additionally, current security monitoring systems do not have an efficient way to document who reviewed the log events, and which log events were reviewed.